It's irrelevant what they 'could' get - we all have a right to PRIVACY.

That includes what we buy and where we buy it.

Any corrupt employee (yes, you can trust everyone who has access to data eh?) or anyone else if the data is leaked can use this sort of information to determine your regular patterns, or other patterns.

For instance one of my clients went on an overseas trip - while he was away a crime syndicate forged his identity and bought all the hardware necessary to set up a grow op. It was determined by the local authorities that this was done by someone who had access to enough computer records to not only know a large amount of data on him and his family but enough to have a new credit card issued at exactly the same time he was travelling overseas.

Data is NEVER safe - Personal data accumulated by governments IS a target because it is valuable. People screw up and not everyone with 'legal' access to the data is trustworthy.

The best way to prevent abuse is to remove the mechanism that gathers it in the first place.